EtherHiding: Hackers create novel way to hide malicious code in blockchains
Cybercriminals have discovered a new way to spread malware to unsuspecting users, this time by manipulating BNB Smart Chain (BSC) smart contracts to hide malware and disseminate malicious code.
A breakdown of the technique, known as ‘EtherHiding’, was shared by security researchers at Guardio Labs in an Oct. 15 report, which explains that the attack involves compromising WordPress websites by injecting code that retrieves partial payloads from the blockchain contracts.
The attackers hide the payloads in Binance smart contracts, which essentially serve as anonymous, free hosting platforms for them.
Guardio Labs exposes "EtherHiding" - a new threat hiding in Binance's Smart Chain, a technique that evades detection, targeting compromised WordPress sites. Read about this game-changing method! @BNBCHAIN #BNBChain #CyberSecurity https://t.co/alNI5KqKUO
— Guardio (@GuardioSecurity) October 15, 2023
The hackers can update the code and change the attack methods at will. The most recent attacks have come in the form of fake browser updates — where victims are prompted to update their browsers using a fake landing page and link.
The payload contains JavaScript that fetches additional code from the attacker’s domains. This eventually leads to full site defacement with fake browser update notices that distribute malware.
This approach allows the threat actors to modify the attack chain by simply swapping out malicious code with each new blockchain transaction. This makes it challenging to mitigate, according to the head of Guardio Labs for cybersecurity, Nati Tal, and fellow security researcher Oleg Zaytsev.
Once the infected smart contracts are deployed, they operate autonomously. All Binance can do is rely on its developer community to flag malicious code in contracts upon discovery.

Guardio stated that website owners using WordPress, which runs roughly 43% of all websites, need to be extra vigilant with their own security practices, before adding:
“WordPress sites are so vulnerable and frequently compromised, as they serve as primary gateways for these threats to reach a vast pool of victims.”
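A check a site owner could run over their own rendered pages, as an added example that is not taken from the Guardio report or this article: it flags inline scripts that combine a blockchain read with dynamic code execution, and external scripts loaded from hosts outside an allowlist. The regex indicators, the allowlist and the sample page are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Heuristic indicators chosen for this example (assumptions, not report signatures):
# JSON-RPC contract reads and common web3 client constructors.
CHAIN_READ = re.compile(r"eth_call|new\s+Web3\s*\(|JsonRpcProvider\s*\(", re.I)
# Ways a script can execute text it has just retrieved.
DYNAMIC_EXEC = re.compile(r"\beval\s*\(|new\s+Function\s*\(|document\.write\s*\(", re.I)
SCRIPT = re.compile(r"<script\b([^>]*)>(.*?)</script\s*>", re.I | re.S)
SRC = re.compile(r"""\bsrc\s*=\s*["']?([^"'\s>]+)""", re.I)

def scan_page(html, allowed_hosts):
    """Return (script_index, finding, evidence) tuples for one HTML page."""
    findings = []
    for n, m in enumerate(SCRIPT.finditer(html), 1):
        attrs, body = m.group(1), m.group(2)
        src = SRC.search(attrs)
        if src:
            # Relative URLs have no hostname and are served by the site itself.
            host = urlparse(src.group(1)).hostname
            if host and host not in allowed_hosts:
                findings.append((n, "external-script-unlisted-host", host))
            continue
        chain = CHAIN_READ.search(body)
        if chain and DYNAMIC_EXEC.search(body):
            findings.append((n, "chain-read-plus-dynamic-exec", chain.group(0)))
        elif chain:
            findings.append((n, "chain-read-only", chain.group(0)))
    return findings

# Constructed sample page; the third script is a non-functional stand-in
# for injected code, written only to exercise the heuristics.
SAMPLE = """
<html><head>
<script src="/wp-includes/js/jquery/jquery.min.js"></script>
<script src="https://cdn.example.org/analytics.js"></script>
<script>
  var w = new Web3("https://rpc.example.invalid");
  /* contract read elided */ eval(decoded);
</script>
<script>document.title = "My blog";</script>
<script src="https://updates.example.net/chrome.js"></script>
</head></html>
"""

if __name__ == "__main__":
    for finding in scan_page(SAMPLE, {"cdn.example.org"}):
        print(finding)
```

Run it against the HTML as served to visitors, not only the theme files on disk, since injected code may sit in the database or be added at render time.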
The firm concluded that Web3 and blockchain bring new possibilities for malicious campaigns to operate unchecked. “Adaptive defenses are needed to counter these emerging threats,” it said.








